Merge pull request #438 from ffurano/master

XrdHTTP: Deny access if the secXtractor fails
xrootd · Dec 12, 2016 · 2f91673 · 2f91673
2 parents 69bd779 + 407f743
commit 2f91673
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/src/XrdHttp/XrdHttpProtocol.cc b/src/XrdHttp/XrdHttpProtocol.cc
@@ -333,8 +333,12 @@ int XrdHttpProtocol::GetVOMSData(XrdLink *lp) {
   // This will fill the XrdSec thing with VOMS info, if VOMS is
   // installed. If we have no sec extractor then do nothing, just plain https
   // will work.
-  if (secxtractor)
-    secxtractor->GetSecData(lp, SecEntity, ssl);
+  if (secxtractor) {
+    int r = secxtractor->GetSecData(lp, SecEntity, ssl);
+    if (r)
+      TRACEI(ALL, " Certificate data extraction failed: " << peer_cert->name << " Failed. err: " << r);
+    return r;
+  }
 
   return 0;
 }